Equifax Hack Exposes Sensitive Information of 143 Million American Consumers

Equifax, one of the three major consumer credit reporting agencies, revealed in early September that earlier this year hackers had gained access to sensitive personal information information for 143 million American consumers.

This attack is one of the largest hacks in recent years and the hackers stole such information as names, addresses, Social Security numbers, birth dates and driver’s license numbers, the New York Times reports.

Credit reporting agencies are a “particularly tempting target for hackers,” according to the Times. With the type of data the thieves obtained from Equifax, they can impersonate consumers with lenders, creditors and service providers, who rely on credit reports to make decisions about extending credit.

A carefully built credit history can quickly be destroyed. The consumer faces serious financial difficulties and it may take months, even years of effort to repair the record.

Pamela Dixon, executive director of the nonprofit research group World Privacy Forum, says this hack “is about as bad as it gets.” Dixon calculates that there is a better than “50 percent” chance that anyone with a credit report is caught in this breach.

The attorneys at Parker Waichman LLP are investigating possible legal action on behalf of consumers who are vulnerable to identity theft because of the Equifax breach.

Breach Occurred in Spring 2017

The hackers gained access to Equifax files between mid-May and July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants. Equifax discovered the hack on July 29. Since then, Equifax says it has found no evidence of unauthorized activity in either its main consumer or commercial credit reporting databases.

There have been larges breaches than this one, in terms of sheer numbers of consumers involved, but the Equifax attack is far worse in terms of the types of personal information obtained. The hackers could possibly access not only bank and credit accounts, but also medical histories and employee accounts.

The FBI is aware of the breach and is monitoring the situation, the Times reports

In 2016, identity thieves successfully stole tax and salary data from an Equifax website, and this year stole the same type of data from Equifax subsidiary, TALX, which provides online payroll, tax and human resources services to corporations.

Criticism of Equifax

Cybersecurity professionals criticized Equifax for not improving its security practices after the earlier data thefts, according to the Times. The thieves succeeded because of a simple website vulnerability. Avivah Litan, a fraud analyst, said, “Equifax should have multiple layers of controls.” If hackers manage to break in, the system should be able to stop them before they do substantial damage.

Consumers are angry about the breach because it not only puts them at risk for identity theft but also creates a burden on them to take action to protect private information that should have been protected by Equifax.

Sen. Mark R. Warner, who co-founded the Senate Cybersecurity Caucus, said he believed the severity of the Equifax breach raised serious questions about whether Congress needed to rethink data protection policies. “[A] breach such as this — exposing highly sensitive personal and financial information central for identity management and access to credit — represents a real threat to the economic security of Americans,” Warner said.

Advice for Consumers

Equifax has offered consumers a year of free credit monitoring and other services. Consumers have until November 21, 2017 to enroll. Experts recommend that consumers enroll for these services even if their information was not exposed in the breach.

But John Ulzheimer, a consumer credit expert, said the Equifax offer of one year of free protection does not go far enough. Consumers’ their information can be bought and sold by hackers for years to come, Ulzheimer said.

The Federal Trade Commission (FTC) urges consumers to check their credit reports from the three major credit reporting agencies, Equifax, Experian, and TransUnion. In addition, consumers should monitor the reports for accounts they don’t recognize or activity on existing accounts that they did not initiate. IdentityTheft.gov offers information for consumers.

The FTC further advises consumers to consider placing a freeze on their credit reports with all three agencies. The consumer must lift the freeze to allow access to the report and can do so in order to apply for a credit card, mortgage, or auto loan. A credit freeze makes it harder for a thief to open a fraudulent account, though the freeze does not prevent a thief from making unauthorized charges to existing accounts. With a credit freeze in place, the consumer cannot obtain instant credit but experts say the inconvenience of lifting the freeze is outweighed by the protection it affords.

If Your Personal Information was Exposed in the Equifax Breach

If your personal information was exposed in the Equifax breach, you should consult the attorneys at Parker Waichman LLP about your legal options, even if there has been no unauthorized use of your credit. For a free, no-obligation consultation, fill out the online contact form or call 1-800-YOURLAWYER (1-800-968-7529).